Authentication system using paired, role reversing personal devices

ABSTRACT

An authentication system is provided for authenticating users in accordance with an encryption/decryption algorithm using first and second separately unique encryption keys that are time variable and are uniquely associated with each user, having a first user controlled computing device under the control of the user for generating said first encryption key using an encryption key generating algorithm. The first user controlled computing device includes a key transmitter for transmitting wirelessly within the immediate vicinity of the user the first encryption key, a second user controlled computing device, operating as a coordinating device under the control of the user, for generating the second encryption key using the encryption key generating algorithm. The second user controlled computing device includes a key receiver for receiving the first encryption key.

CROSS REFERENCE TO RELATED APPLICATION

This application claims priority to U.S. Provisional Application No.62/670,363, filed May 11, 2018, the content of which is herebyincorporated by reference in its entirety.

FIELD OF INVENTION

This invention relates to authentication of individuals using encryptedcommunications employing a Certification Authority.

BACKGROUND OF THE INVENTION

The migration of data to digital and, more recently, cloud based storagesolutions presents a fundamental and existential security risk toindividuals and organizations. The need to ensure that access is onlygranted to the appropriate entities is critical to ensure that thebenefits of this migration are not outweighed by the dangers. This meansthe ability to authenticate an entity as who or what it claims to be arebecoming increasingly important. Many methodologies have been proposedand implemented but most are flawed, either because they offer poorreliability or are too cumbersome and obtrusive for wide adoption.

One important attempt to provide digital security is known as a chain oftrust which is established by validating each component of hardware andsoftware from the end entity up to a root certificate. It is intended toensure that only trusted software and hardware can be used while stillretaining flexibility and ease of use. X.509 certificate chains is awidely used standard for digital certificates for use in chain of trustsystems, https://tools.ietf.org/html/rfc4158. However, there are anumber of notable publications which describe problems associated withX.509 certificate chains. See for example Ellison, Carl and Schneier,Bruce, “Top 10 PKI risks” (PDF), Computer Security Journal (Volume XVI,Number 1, 2000); Gutmann, Peter. “PKI: it's not dead, just resting”(PDF), IEEE Computer (Volume: 35, Issue: 8); and Gutmann, Peter.“Everything you Never Wanted to Know about PKI but were Forced to FindOut” (PDF). Retrieved 14 Nov. 2011. These problems relate toarchitectural weaknesses (including aggregation, delegation andfederation problems) and other weaknesses that do not avoidMan-In-the-Middle attacks including problems with certificationauthorities and other implementation issues.

Other methodologies for providing data security rely on a userremembering a unique passcode, phrase or pin. Such passcodes must becomplex and difficult enough to avoid discovery by guessing or bruteforce but also easy enough to remember that the user will be able torecall and input them when needed. Moreover, due to their nature, theycan be observed and copied without the user being aware they have beencompromised.

In an attempt to overcome the ease with which security can be breached,it has become more common to require two factor authentication. Thisapproach achieves greater security but requires the user to input twopieces of data or interact with two different components of the system(for instance a password and a previously authenticated contact point (aphone number that is know to the the users phone number), thusincreasing the complexity and intrusiveness to the user.

Attempts have been made to improve upon two factor authentication byincreasing the complexity of the data by deriving it from some highlyunique but repeatable source such as a fingerprint, voiceprint, facialfeatures or other biometric or environmental seed. Here again thepasskey is static and if the source can be copied, or the key that isgenerated by the source reproduced or copied, the system is compromised.This has been discussed extensively in the prior art. For example,Adrian Bridgwater has described biometrics as a third factor inauthentication technology and noted “ . . . [f]ingerprint images can bescanned and copied, voice can be recorded and facial image recognitiontechniques can potentially be circumvented via the use of simplepictures. . . . [These] third-factor[s] are . . . far from secure,”Biometrically Challenged: Tree factor Authentication Systems too Weakfor Web Banking, Haymarket Media, Inc., Mar. 22, 2016,https://www.scmagazine.com/biometrically-challenged-three-factor-authentication-systems-too-weak-for-web-banking/article/529016/?DCMP=EMC-SCUS_Newswire&amp%253BspMailingID=14047225&amp%253BspUserID=MjMyMDAwMzMzMjk4S0&amp%253BspJobID=741814899&amp%253BspReportId=NzQxODE0ODk5S0,.

The introduction of randomized symmetric key generation technologiessuch as RSA's SecureID, Authentication Your Way with RSASecureID®Access,https://information.rsa.com/rsa-securid-authentication-your-way.html?gclid=CjwKCAiAlL_UBRBoEiwAXKgW59fPzjmiIFUILNZJDiVrMJTJ-h13ofEoqWUjV-gn9uoxvJ6t6_BF4xoCBngQAvD_BwE,reduce the effectiveness of obtaining a key and increase the difficultyin guessing or deducing it by changing the key regularly. To ensure thatthe device generating the key has not fallen into compromised hands, thestandard application of this technology still requires the user to inputsome sort of password which can be compromised. Additionally someimplementations require a dedicated hardware device such as a token thatis an encumbrance, adds cost and difficult for the end user to implementand use.

Hybrid solutions can solve one problem but they retain or even compoundother issues. For example, see Nymi™ authentication system,https://nymi.com/solutions#individual_workstations which allowsauthentication through proximity detection of an authenticatingwearable. While this system provides a significant advance in ease ofuse, this approach suffers from a number of drawbacks including itsreliance on biometric sensing (see above) that inherently involves afixed seed and requires the expense and bother of creating, distributingand operating a dedicated proprietary wearable in the form of a wristmounted device.

Retail transactions using credit cards require the retailer tofacilitate the transaction between the customer and the credit cardcompany. As a by-product of these transactions the retail party comes incontact with confidential information (credit card numbers and clientnames) for which it must then be responsible. Data breaches of retailtransaction data can cause a huge financial liability to retailers.There are several examples of this outcome when such 3rd parties do notmeet their custodial responsibility and customer's sensitive informationis compromised by an unauthorized access, 11 of the Largest DataBreaches of All Time,https://www.opswat.com/blog/11-largest-data-breaches-all-time-updated.

Some of the deficiencies of the prior art are addressed by a technologydisclosed in U.S. Pat. No. 8,341,397 (assigned to MLRLLC, LLC a Virginialimited liability company) where specialized software is downloaded intowirelessly linked handheld and wearable devices such as a conventionalsmartphone and off-the-shelf smartwatch. The '397 technology minimizedthe amount of dedicated, proprietary hardware required forimplementation and the secret encryption key is constantly changed so itcannot be copied and reused. Moreover, the user is not required toprovide any remembered data. In the retail environment, a usefulimplementation of the '397 technology relies upon a line of sightbarcode link between the handheld and the retailer's point of saleequipment.

While useful for the purposes disclosed, the '397 technology does notdisclose an embodiment that is well adapted to on-site “retail”purchases without the requirement of an optical bar code link andassociated equipment. This requirement constitutes an impediment towidespread adoption of the technology in the retail environment.Moreover, the '397 technology requires the use of a handheld device,such as a smartphone, but does not teach how to achieve a high level ofsecurity should a consumer choose a set of devices that does not includea handheld device. The '397 technology also fails to teach theadvantages of having multiple personal devices, under the control of theuser, wherein each device participates in the generation of multipleencryption keys for use in forming encrypted messages and can operate asa coordinating device as desired by the user.

Other advances in the field have suggested multiple separate computerdevices under the control of the user such as U.S. Pat. No. 8,214,890 toKirovski et al (Microsoft) which discloses a login authentication from aclient computer to a remote server using a separate “trusted” devicewhich is under the user's control to establish a communication channelbetween the trusted device and the client. A second communicationchannel is established between the trusted device and the client wherethe second channel is not part of the network. The second secureconnection is “tunneled” within the first secure connection to allow theuser to “login” to the server over the second connection using thetrusted device. Moreover, Kirovski et al '890 protects the user in casethe user's trusted device is lost or stolen because the finder (orthief) will not have the required user login credentials. Should auser's credentials become known to a malicious party, the user's trusteddevice will not typically be available to the malicious party. Whilethis system avoids the requirement for a specialized token device andreduces the vulnerabilities associated with certain types of malware,the Kirovski et al '890 disclosed invention fails to eliminate the needfor input of user names and passwords. Moreover, Kirovski et al '890fails to envision the client and trusted devices reversing roles or howthe trusted device could be rendered ineffective if it comes into thepossession of a malicious party who also has obtained the user's logincredentials.

Canadian published application (CN104125068A) and world patentapplication (WO2016028752A1) both disclose wearable devices that allowfor wireless data storage and retrieval from the wearable device uponappropriate authentication but do not disclose authentication using aremote certification authority or other important features of thisinvention.

SUMMARY OF THE INVENTION

This Summary is provided to introduce a selection of concepts (includingvarious objectives, advantages and benefits) in a simplified form, whichare further described hereafter in the Detailed Description. ThisSummary is not intended to identify key features or essential featuresof the claimed subject matter, nor is it intended to be used as an aidin determining the scope of the claimed subject matter.

Selective Principles

The invention described herein is designed to achieve the high securitybenefits of the '397 technology in cooperation with a CertificationAuthority (CA) which among other functions operates as an authenticatingauthority AA without requiring the user to employ a handheld device suchas a smartphone. Instead, a minimum of two user controlled computingpersonal devices (PDs) defined as a computer resource (virtual orphysical) under the control of the user that is capable of running a keygenerating algorithm and (ideally encrypted) wireless communication withthe other PD, and at least one of these devices must be capable ofassuming the role of a Coordinating Device CD defined as a device thathas the capabilities of a PD and further includes a user interface UIwhich allows the user to interact with the CD and to communicate with aCertification Authority CA which can operate to authenticate the user.The CA can operate to implement either an asymmetric (e.g. PKI) orsymmetric key encryption/decryption algorithm.

By meeting these minimum requirements the PDs can function such thateither device can become the coordinating device (provided it includes aUT and associated circuitry) This feature permits the PDs to reverseroles with respect to transmission or reception of an encryption key andother duties of the coordinating device. Lastly by both PDs addingunique keys into the final encryption, the discovery of one of the keysdoes not compromise the system and is particularly advantageous inavoiding the negative consequences associated with interception of thewirelessly transmitted key by a third party. Reliance on dual keygeneration is consistent with best practices known as “defense indepth”.

In one embodiment of the invention, the CA, generates two separate,independent, time variable encryption keys in association with each userwherein the CA generated keys correspond (i.e. identical or correlateduniquely) to the keys generated by the first and second personal devicesunder the control of the user. By using both a first key transmittedfrom one device to the other, as well as a second key generated locallyin the device receiving the transmitted key (the coordinating device),no harm can come from an unauthorized interception of the first keytransmitted wirelessly from the first to the second device. Should theuser lose control of either device, such as by misplacement or theft ofone of the devices, successful authentication of the user by a thirdparty who comes into possession of the misplaced or stolen device wouldbe virtually impossible.

In a more specific embodiment of the invention, an authentication systemis provided for authenticating users in accordance with anencryption/decryption algorithm (which may be either a symmetrical orasymmetrical key algorithm using first and second separately uniqueencryption keys that are time variable and are uniquely associated witheach user). In this embodiment, two personal devices are providedincluding a first personal device under the control of the user forgenerating the first time variable encryption key using a time variablekey generating algorithm wherein the first personal device includes akey transmitter for transmitting wirelessly within the immediatevicinity of the user the first encryption key. The second personaldevice operates as a coordinating device under the control of the userfor generating the second time variable encryption key using theencryption key generating algorithm wherein the second personal deviceincludes a key receiver (e.g. wireless receiver) for receiving the firstencryption key, and a message transmitter (e.g. wireless transmitter)for transmitting the encrypted message. This embodiment provides anencrypting signal processor for encrypting a message using the first andsecond encryption keys in accordance with the encryption/decryptionalgorithm wherein the signal processor may be located in one of thepersonal devices or may be located in a remote (e.g. cloud) computer.This embodiment further provides a certification authority forauthenticating a user upon receipt of the encrypted message transmittedfrom the second device, wherein the certification authority includes akey generator for generating the first and second encryption keysuniquely identifying each user and a decrypting signal processor fordecrypting the message using the first and second encryption keys inaccordance with the encryption/decryption algorithm to verify theidentity of the user having control of the first and second personaldevices.

More particularly, the present invention contemplates an authenticationsystem that includes a key generating device having an externalconfiguration suitable to be mounted or worn on a user's body forwirelessly transmitting within the immediate proximity of the user'sbody a key signal comprising secret or private key informationcorresponding to the time variable encryption key and a second device,physically separated from the wearable personal device including (1) awireless receiver for receiving the key signal transmitted by thewearable key generating device and (2) a local signal processor for usein forming an encrypted signal in accordance with a predeterminedencryption/decryption algorithm including information relating to theuser's identity and for forwarding the encrypted signal to the AAwithout the use of an optical link that would require specializedoptical imaging and optical scanners at a retailer's point of sale.Either or both personal devices can serve as a coordinating deviceprovided each includes, or has access to, a user interface forinteracting with the user.

The subject invention also allows secure authentication of end users,suchas consumers involved in a proposed financial transaction with aretailer, without revealing any sensitive information to the retailparticipant. This is an important feature as it removes anyresponsibility by the retail participant for keeping the transactiondata safe from unauthorized disclosure.

A further objective of the present invention is to leverage the '397technology to provide a highly secure and unobtrusive method to allowon-site “retail” purchases. The subject invention can also be used toachieve enhanced security and simplicity when used to undertake onlinetransactions.

The present invention allows all sensitive information to be entirelyencrypted and therefore even if the retailer or other party handles orwitnesses the encrypted information, the underlying sensitive inforation is not easily discoverable. Furthermore the sensitive data isonly valid for short periods of time. Even it if is somehow stolen anddecrypted, it can only be used while the keys are valid which can beconfigured to be extremely short periods of time or limited to a singleuse.

Other objectives, advantages and benefits are provided by differentembodiments of the invention (individually and in various combinationsand permutations) including the following:

-   -   a. The end user will experience the same security and ease of        use within the retail purchasing environment that is discussed        more generally in the '397 patent.    -   b. No chain of trust certificate is required to ensure        authentication of transacting parties. However use of one is not        precluded if such use is expedient or convenient in certain        applications    -   c. The subject invention does not rely on the use of public keys        for any User or Retail party to ensure authentication of a        counter-party.    -   d. The subject invention does not require or permit the access        of any party to unencrypted sensitive transaction information        except for the client and the Authentication Authority.    -   e. No party requires proprietary hardware (all parties can run        software on generic computer devices including the retail        device).    -   f. The subject invention relies on a Certification Authority        entity that possesses symmetric key data allowing it to        authenticate and decrypt transaction information from the retail        and user parties. This Authority may take the form of a        centralized service or a diverse consensus driven, cloud based,        distributed computing system employing block chains using a        cryptographic hash of the successive blocks, a timestamp and        transaction data for each transaction.    -   g. Every transaction will be identified by a unique transaction        ID that can be used to confirm the authenticity of the        transaction details when sought by the client or the retailer or        requested by another party permitted by the rules of the AA.    -   h. The highly versatile paired personal devices will further        facilitate more reliable protected area access by improving the        reliability of individual authentication.

As a result of the inventive configuration, numerous technicalimprovements are provided over the prior art. The embodiments of theinvention include combinations of features that, prior to thisdisclosure, were not well-understood, routine or conventionscombinations.

Other objectives, benefits and advantages can be appreciated from thefollowing Description of the Drawings and Detailed Description.

DESCRIPTION OF THE DRAWINGS

FIG. 1 is a diagram of an embodiment of the subject invention suitablefor use in a point of sale retail environment wherein the user has firstand second personal devices (e.g. a Key device and a CoordinatingDevice) within a retailer's establishment equipped with a RetailerDevice adapted to communicate with the user's Coordinating Device.

FIG. 2 is a diagram of the system disclosed in FIG. 1 in whichtransaction details have been transmitted from the Retail Device to theCoordinating Device for display to the user.

FIG. 3 is a diagram of the system disclosed in FIG. 1 in which theCoordinating Device is communicating with the Key Device and the RetailDevice to allow generation of an encrypted message using key 1 suppliedby the Key Device and key 2 generated locally by the Coordinating Deviceand the user ID generated in accordance with the encryption algorithmbeing implemented by the system (Userid).

FIG. 4 is a diagram of the system disclosed in FIG. 1 in which theencrypted message has been sent to the Authentication Authority fordecryption and authentication that is communicated to the CoordinatingDevice.

FIG. 5 is a diagram of the system disclosed in FIG. 1 in which the AA 7is taking necessary actions to complete the financial transaction and toreport the result.

FIG. 6 is a diagram of an alternative use of the subject invention toeffect a transaction with a Retail Device in which the pair of personaldevices operate to forward an encrypted “begin Transaction” message tothe Authentication Authority which, in turn, forwards an encryptedmessage to a Retail Device including a Transactionid.

FIG. 7 is a diagram of the system disclosed in FIG. 5 in whichtransactionsDetails are sent to the Authentication Authority by theRetail Device for transmission to the Coordinating Device for display ofthe Transaction Details for the User.

FIG. 8 is a diagram of the system disclosed in FIG. 5 in which theCoordinating Device returns an encrypted message to the AuthenticationAuthority to indicate user acceptance of the terms of the transaction.

FIG. 9 is a diagram of the system disclosed in FIG. 5 in which theAuthentication authority forwards an encrypted message to both theCoordinating Device and the Retail Device indicating that thetransaction has been successfully completed.

DETAILED DESCRIPTION

With reference to FIG. 1, an embodiment of the subject invention isillustrated wherein a pair of user controlled computing devices, such aspersonal devices 2 and 4, designed in accordance with the subjectinvention, are illustrated. User controlled computing devices may take avariety of forms provided each such device is capable of (1) generatinga time variable encryption key, and (2) communicating that time variableencryption key to a second user controlled computing device. Desirably,the user controlled computing devices should be under the exclusivecontrol of the user, at least during the time that each device is usedto implement the encrypted communication contemplated by this invention.At least one of the user controlled computing devices (and desirablyboth) includes (or communicates with) a user interface UI. Such UI maybe incorporated into the user controlled computing device or may beseparate therefrom. For example the user interface may take the form ofa holographic display, a display screen, a connector for interfacingwith a monitor or any other form that allows a user to interact witheither or both of the user controlled computing devices to implement theencrypted communication which is the purpose of this invention. In amore specific embodiment of this invention illustrated in FIG. 1, theuser controlled computing devices may take the form of personal devices2 and 4 such as a wearable (e.g. smart watch, bracelet, ring, patch,necklace, or other type device whose exterior configuration makes itsuitable to be semi-permanently or permanently mounted on or in theuser's body) or as a handheld (e.g. smartphone, cellular phone,micro-computer, tablet PC or other type device whose exterior makes itssuitable to be handheld). Alternatively, each (or both) of the personaldevices 2 and 4 may also take the form of a subcutaneous chip suitableto be implanted in the user's body or even take the form of a “virtual”personal device located in a remote computer (i.e. in the “cloud”) solong as the user is able to exercise, for all practical purposes,exclusive access to (and operation of) the personal device, at leastduring the time that the device is used to perform encryptedcommunication using the method of this invention. A virtual device wouldsatisfy the requirements of this invention provided the computingfunction of the virtual device was only available to the user in allpractical and normal-use situations. The fact that a systemsadministrator might have some type of supervisory access and/or controlover the virtual device would not preclude such virtual device fromperforming as a personal device for purposes of this invention providedthe end user can exercise control and access to the exclusion of allunauthorized individuals.

A personal device may be a static component (such as a desk topcomputer) that is controlled by the user such as being located in afacility to which access may be controlled by the user (such as theuser's home or private office). A personal device may be available toanother but only if that person is required to present authenticatinginformation that distinguishes that person from the authorized end useror that person is given physical control by the end user. In otherwords, a smartphone remains a personal device even if its owner shouldgive possession of the smartphone to another person.

Control of the device means that the user has the ability to activateand deactivate the device, to the exclusion of others at least duringthe time that a device is used to perform this invention, by virtue ofphysical proximity or entering user codes (e.g. user name and password)or by biometric scans (e.g. fingerprint, facial or iris scan or otherDNA dependent scans) or by proximity of the user to the paired devices.

As will be described in greater detail below, each or both of thepersonal devices may be equipped with a processor suitable to implementan encryption/decryption algorithm for implementing the features of thisinvention that will be described in more detail below. A suitablealgorithm will be generically referred to hereafter as a Syferexalgorithm or Syferex programs (e.g. Syferex mobile apps or Syferexretail apps) for shorthand purposes so long as the respectivealgorithm/program causes the personal device/Retail Device or othercomponent to perform the functions described below.

Specifically with respect to retail transactions, a characteristic ofthe subject invention when applied to the retail environment, is thatthe user employs his pair of computing devices, while under his control,to form an encrypted transaction message, for transfer to thecertification authority, that always includes at minimum:

-   -   1. the two time variable encryption keys generated respectively        by the user controlled computing devices,    -   2. an identification of the retailer providing the services        and/or products to the user, and    -   3. an identifier that can be linked to the details (or include        the details) of the transaction involving the services and/or        products including for example        -   a. date and time of the transaction, and        -   b. the specific services and/or products being supplied to            the user by the retailer,

whereby the certification authority can validate and record thetransaction in association with the retailer and the user.

Different steps and procedures may be employed to allow communicationbetween the user and the retailer directly or via parties, including butnot limited to, the AA, to identify the details of the transaction suchthat in the end the user is able to approve the transaction withaccurate knowledge of the substance of the transaction.

FIG. 1, a User (not shown) having control of the personal devices 2 and4 selects goods to be purchased and provides them to a retailer endpoint such as a retail device 6 programmed to perform the stepsdescribed below. The retailer device 6 and personal device 4,functioning as a coordinating device create a connection that ensuresthat data transmitted between the user and the retailer is accurate (andideally private). This can be achieved in a number of was, includingsharing a secret via an out of band communication path or using a chainof trust system.

In FIG. 2 the retail device 6 provides details of the transaction andthe retailerId to coordinating device 4 via the previously establishedconnection. Summary data such as a hash of these details can be used toconfirm the accuracy of the provided data (optionally provided via anout of band side channel).

FIG. 3 illustrates how the user's coordinating device 4 receives a keygenerated by, and communicated by, the personal device 2 operating as akey generating device in accordance with the protocol described herein(Syferex protocol). If after review of the transaction details, the userdecides to continue with the transaction, his or her assent entered intothe coordinating device (personal device 4) causes the software toprepare a message containing the transaction details mentioned above andthe user's userId (Syferex userId).

FIG. 4 shows the message generated above being encrypted using the 2keys provided by the key generating device (personal device 2) and thecoordinating device (personal device 4) and sending it to acertification authority 7 operating as an authentication authority AA.Because only the AA can decrypt the message and only the encryption keysspecific to that user will successfully decrypt the message, the messageis secure and can self identify the user who has sent it. At this pointthe AA can initiate any financial transaction required secure in theknowledge that the user was indeed to person authorizing thetransaction.

FIG. 5 shows the AA 7 taking necessary actions to complete the financialtransaction and reporting the result of that transaction to both theuser and the retailer

DESCRIPTION OF THE EMBODIMENT OF THE INVENTION ILLUSTRATED IN FIGS. 6-8

Reference will now be made to an additional embodiment of the invention.Referring more specifically to the system illustrated in FIG. 6, a User(not shown) having control of a pair of personal devices selects goodsto be purchased and determines the retailerId. The retailerId can beprovided to the User in a variety of ways including based ongeographical location, broadcast of retailers id on a local wirelessnetwork, entry of the retailerId manually or through Off the Record OTRmeans (such as a qr code or optical scan). One of the personal devicesis equipped with a a user interface UI (including for example a touchscreen, not illustrated). This personal device may be used as aCoordinating Device 10 by the User. Through the UI, the User indicateshe or she wants to initiate the transaction with the retailer. TheCoordinating Device 10 includes a transceiver (not shown) for receivinga time variable encryption key provided by the other personal device(which may be referred to as a Key Device 8 since, in this embodiment,the other personal device functions primarily to provide a time variableencryption key, which may be generated using a pseudo random number).The key is generated and transmitted wirelessly over an encryptedchannel to the Coordinating Device 10 provided the devices aresufficiently close in proximity to allow the transmission signal toreach the Coordinating Device 10. In addition, a a mobile app isinstalled in the personal device 10 and includes instructions causing aprocessor in the Coordinating Device 10 to perform the functionsdescribed herein. In particular, the mobile app causes the processor ofCoordinating Device 10 to generate locally a second time variableencryption key which may also be based on a different pseudo randomnumber. Thereafter, the Coordinating Device 10 uses the two encryptionkeys to encrypt a beginTransaction message which contains theretailerId.

It should be noted that the user could potentially supply a temporaryusername that it would like to use for this transaction. Alternatively,an authenticating authority (AA) 12 (which is a certification authorityfunctioning to authenticate users) could obtain the userId from theretailer via linkage with a Retail Device 14 (i.e. a device under thecontrol of the retailer for supplying the retailerId and other functionsas described below). The AA 12 is programmed to link the userId to thetemp username for recording purposes. Also the user could supply aunique or rare “secret” that would be passed to the retailer so theretailer could show this to the user so the user could verify theretailead supplied resulted in the transaction beginning with thecorrect retailer.

The AA 12 receives a beginTransaction message and decrypts it usingsymmetric keys generated by the AA 12 that are identical to theencryption keys generated by the Key Device 8 and the CoordinatingDevice 10. The process of generating identical (or corresponding)symmetric keys is understood and can be effected by key generationalgorithms that start with identical seeds but which produce a series ofidentical keys that (even if intercepted) cannot be used to predict thenext encryption key generated by the key generation algorithm. Thisallows the AA 12 to authenticate the user provided the AA 12 ispreviously informed of the identity of the user (including sensitiveuser information) and the seed for the encryption key generator. Usingthe retailerId provided to the AA 12 determines how to contact theretailer and potentially carries out sanity checks. The AA 12 generatesa unique transactionId and sends a transactionBegin request to theRetailer Device 14 residing at the retailer's location or at a locationunder the control of the retailer. The retailer receives the transactionbegin message and confirms with the user that the transaction has begun.

In FIG. 7 the embodiment of FIG. 6 is now operating through the RetailerDevice 14 to collect the transaction details and sends these to theCoordinating Device 10 which sends these details, in encrypted form tothe AA 12 in a transactionDetails encrypted message. The AA 12 thenauthenticates and decrypts the message and then sends atransactionDetails message containing the same data to the user'sCoordinating Device 10 after encrypting the message with the appropriateencryption keys. The Coordinating Device 10 can decrypt this message,thus authenticating that the message came from the AA 12, and displaythe transaction details in non-encrypted form on the screen (not shown)of the Coordinating Device 10. The Coordinating Device 10 optionallycompares the transaction details to similar transaction detailsdisplayed by the Retail Device 14 if such is available to the User.

In FIG. 8, the embodiment of FIGS. 6 and 7 is now operating to allow theuser to review the transaction being displayed and to indicate anacceptance of its terms. To facilitate this, the Coordinating Device 10will create a transactionAck message with an accept value and thetransactionId as payload and encrypt the message with the dualencryption keys (generated in the Key Device 8 and Coordinating Device10) and send the message to the AA 12. The AA 12 will then take whataction is required to execute the financial transaction with theappropriate parties as necessary.

In FIG. 9, the AA 12 of the embodiment illustrated in FIGS. 6-8, is nowsending the transactionComplete messages to the user and retailer usingappropriate respective authentication and encryption methodologiesindicating if the transaction has succeeded or not. It may supply areason if the transaction fails.

The system never requires the user to actually enter or view anysecurity data in such a way that it can be recorded. This is a veryimportant advantage of the disclosed invention. Anytime a user isrequired to display keys (such as an RSA token or QR code) or enter data(such as a password), the displayed information can be recorded. Thisadvantage of the disclosed invention will become more important in thefuture given the hugely expanding amount of video surveillance in useworldwide.

A very important addition advantage in certain embodiments of thedisclosed invention is that one of the personal devices (such as thedevice that takes the form of a wearable or implantable chip) could beused to store encrypted personal data (generated in the other personaldevice—e.g. the user's smartphone). In particular, sensitive data couldbe sent wirelessly to the first personal device (e.g. the wearable) forstorage therein where it can be held in encrypted form available only tothe user and unavailable to third parties having no direct physicalpossession of the body mounted computer. Since the data would be storedoutside of the smartphone it would not be compromised upon the loss ortheft of the user's smartphone. At the same time, the personalinformation would only exist within the memory of the wearable and wouldbe encrypted so that it could not be retrieved by anyone without thecooperation and knowledge of the user.

An important advantage of the disclosed invention derives from theability of both personal devices to serve as a coordinating device byproviding both devices with a user interface UI In particular, if thetwo devices take the form of a paired smartwatch and smartphone, thesmartwatch can serve to display relatively common, simple transactiondetails such as the purchase of a cup of coffee. In such circumstances,the smartwatch display could be used to display the simple transactiondetails requiring the user to merely touch the smartwatch screen toindicate approval thereby obviating the need to remove the user'ssmartphone from his/her pocket or purse. Where a more complicatedtransaction is being considered, the larger display of a smartphone,tablet, laptop or even desktop would be better suited.

Another important advantage of the present invention over the inventiondisclosed in the '397 patent is that the handheld device of the '397invention can be replaced by second wearable device, physicallyseparated from the wearable key generating device, having an externalconfiguration suitable to be mounted or worn on (or implanted in) auser's body. This second wearable device includes a wireless receiverfor receiving the key signal transmitted by the wearable key generatingdevice for use in forming an encrypted signal in accordance with apredetermined encryption/decryption algorithm including informationrelating to the user's identity all as disclosed more fully in the '397patent.

The pair of devices used in this improved authentication system wouldpermit greatly expanded functionality over the functions disclosed inthe '397 patent. In particular, the first device could take the form ofa permanently mounted device (such as a subcutaneous chip) and couldoperate a display that is generated by an implant in the eye of the useror as part of a pair of eyeglasses that is capable of creating a virtualimage in the view of the user. In this configuration, the eyeglassescould form the second wearable device. The second device could also takethe form of a semi-permanently mounted device (such as a smartwatch)that includes a user interface allowing the user to entercommands/information on the touch sensitive surface of a display. Thetouch sensitive surface to also respond to finger movements to controlthe location of a cursor movable throughout the image created by theeyeglass or eye implanted chip for generating a viewable image in thefield of view of the user.

POSSIBLE ALTERNATIVE IMPLEMENTATIONS

Phase 1 locd and authenticated session is established between thecoordinating device and the retail endpoint. Care must be taken toreduce the opportunity for a man the middle attack. In particular, caremust be taken to ensure that the client is connected to the actualretail endpoint, instead of a man in the middle or impostor. The dangerhere is that some entity could masquerade as the retail outlet. Such anentity could appear o be the retailer to the customer, and the customerto the retailer. Such an entity could then intercept the retailer'sdata, discard it, and replace it with a transaction of its own,substituting itself as the retail party.

Well known methods for avoiding this problem include Chain of trustcertificates. While not full proof, two available solutions are:

-   -   1. Use the AA as an intermediary, that can authenticate both        parties and decrypt and re-encrypt data meant for the        counterparty.    -   2. Use public keys for each—the challenge here is where to        retain these public keys. The AA presents a logical repositor    -   3. Use chain of trust    -   4. Retailer and Consumer share a secret Tia an off the record        (OTR) channel. This could be the retailerID, or some other        secret key that allows authentication of the these parties in        future communications.    -   5. The AA can be promoted to to provide encryption keys or the        retailer id to the interested parties. This can be done        dynamically or in a cached manner on the syferex applications.    -   6. The AA can be used as an intermediary    -   7. Retail terminal and the user device display a representation        of the transaction details including all of the required details        above (most importantly the retailerId). This representation        (visual hash, hash code, qr code etc or other Off The Record        (OTR) channel would be compared by the user and if they match,        the user would submit to the authentication authority.    -   8. The retailer provides a code to represent the transaction and        sends an encrypted copy to the AA. The user could then get the        transaction id from the retailer using OTR and request a copy of        the transaction from the AA via an encrypted request. The AA can        send a transaction summary to the user encrypting it using the        user's Syferex keys. The user can review the transaction, then        approve by sending an ack message to the AA encrypted with the        user keys.

Phase 2: transaction details are presented to client

the retail endpoint provides transaction details to the client.

required components of transaction details:

-   -   unique (to the retail+user pair) id of transaction    -   retailer Syferex Id    -   amount charged

options components:

-   -   list of items being purchased    -   other details the retailer wants to display to user at time of        purchase (company logo, advertisements, etc)

Phase 3: Encryption of transaction record and submission toauthentication authority.

User can review details of the transaction and accept or decline thepurchase. For ease of use, all interaction on the user's part needs tobe done through a single device (though it should also be possible foreither Consumer device to be used as the coordinating device). Uponaccepting the transaction the Syferex software on the coordinatingdevice will generate its own key and request a paired key from the keydevice. The coordinating device would then use the 2 keys to encrypt themessage with the required transaction information listed above providedby the retailer in a manner such that only the authenticating authoritycan decrypt it. This package can then be forwarded either to theretailer or to the authentication authority directly from the userdevice. The implementation must ensure that the user need not take anyaction (input no password or details) for the authentication informationto be created and forwarded. The Syferex software handles thisseamlessly when prompted by the accepting of the transaction.

Phase 4: Authentication by authentication authority:

Upon receipt of the transaction package from the user device theAuthentication Authority will decrypt the package and using theconsumeriD in the package compare the 2 keys provided with its local keystore to determine if the Consumer is indeed who she claims to be. Itwill then examine the transaction details to ensure this is a uniquetransaction that has not been previously approved. If approved theauthentication authority will either contact the financial institutionwith the transaction details and identification of the user, or possiblyrelease these kinds itself. At this point, the AA can execute thefinancial transaction by, for example, authorizing a Financialinstitution to undertake to complete the transaction and by acceptingconditional legal and financial responsibility (in exchange for a modestfee) for the consequences should the identity of the consumer prove tobe incorrect. All parties to the transaction will benefit by eliminationof significant opportunities for fraudulent actions that exist in mostfinancial transactions that take place in the retail environment wherecredit is extended to the user or even cash is now used by thepurchaser.

Instead of the user collecting the transaction details and retaileridand submitting the transaction to the AA to be forwarded to the retailerand matched to a pending transaction on the retailer's local system (thecheckout counter for example), the user could supply their UserID (viabroadcast or OOB channel) to the retailer. Since the retailer alreadyhas the other components of the the transaction (the products, cost andretailerID) the retailer can add the usead to the pending transactioninformation and send it securely to the AA. The AA then can ensure thatthe transaction summary is forwarded to the specified user for approval.The advantage here is two fold: existing retail hardware used for retailtransactions (product scanner, inventory verification, receiptgenerator) etc can be leveraged. Additionally, the human motivation toinject erroneous userids into the transaction are limited. Such acompromised transaction would result in the AA sending the transactionto the injected user, who would then have the option to reject thetransaction or accept it. In the case this transaction is accepted theactual user would not lose money. The retailer would receive the fundsexpected and the true user should be able to identify the fraud (i e.the transaction would never be forwarded to the true user for approval).Such a scenario would of course be undesirable and systems and policieswould and can be instituted to eliminate or reduce the possibility ofthis type of fraud happening,

Secure area access control will be enhanced by the increased accuracyand convenience of the present invention over prior art access controldevices.

It should be further noted that the User device could create a complexkey and encode userId with said key to the retailer. Then the retailercould receive the encrypted user id and provide inventory of thepurchase to the user along with a selection of random data options(colors, icons, numbers) via a line of sight interaction (displayed on ascreen for instance). Thereafter, the user selects one of these optionsand this selection is included in the transaction summary that isencoded by the retailer and sent to the AA. This message thereforeincludes

-   -   The userid encoded by the users syferex complex key (only AA can        decrypt)    -   The transaction details (items and price)    -   The secret selected by the user    -   The retailer id    -   The entire message is encrypted (possibly using the public key        of the AA or maybe the syferex key of the retailer)

The AA decrypts the package and authenticates the user by proving thatit can only decrypt the users id with the user's syferex key. Itconfirms that the transaction is valid (user has sufficient funds) andthen encrypts a summary of the transaction and the secret selected bythe user with the users syferex key and send it to the user. The usercan confirm that the transaction is valid and ack the transaction backto the AA who will the process the transaction. This ack must contain acopy of the transaction details to ensure that it is only usable for thecurrent transaction (otherwise nefarious actors could replay this ackfor multiple copies of the same transaction (transaction ID shouldaccomplish this)

To “man in the middle” MIM attack this transaction, the MIM will need tofake the inventory of the transaction (can be done, for instance, atStarbuck's most transactions are a large coffee) and the secret chosenby the user [not easy to fake by the MIM, though possible by observingthe OTR channel (watching the user select the secret)].

Additionally, other combinations, admissions, substitutions andmodifications will be apparent to the skilled artisan in view of thedisclosure herein. Accordingly, the present invention is not intended tobe limited by the description of the various embodiments but is to bedefined by a reference to the appended claims.

1-30. (canceled)
 31. An encryption system operating in accordance withan encryption/decryption algorithm using first and second separatelyunique encryption keys, comprising A. a first user controlled computingdevice under the control of the user for generating said firstencryption key using an encryption key generating algorithm, said firstuser controlled computing device including a key transmitter fortransmitting wirelessly said first encryption key; B. a second usercontrolled computing device, operating as a coordinating device underthe control of the user, for generating said second encryption key usingthe encryption key generating algorithm, said second user controlledcomputing device including i. a key receiver for receiving the firstencryption key, and ii. a message transmitter for transmitting saidencrypted message; and C. an encrypting signal processor for formingsaid encrypted message using said first and second encryption keys inaccordance with said encryption/decryption algorithm, whereby saidencrypted message may be transmitted wirelessly and decrypted securelyusing said first and second keys in accordance with theencryption/decryption algorithm.
 32. An encryption system as defined byclaim 1, wherein said encrypting signal processor is located within oneof said user controlled computing devices.
 33. An encryption system asdefined by claim 1, wherein said encrypting signal processor is locatedin a remote computer.
 34. An encryption system as defined by claim 1,wherein said first user controlled computing device includes saidencrypting signal processor and said second personal device includes asecond encrypting signal processor.
 35. An encryption system as definedby claim 1, wherein one of said first and second user controlledcomputing devices includes a user interface for forming a usercoordination device allowing wireless transmission of the encryptedmessage securely without requiring the user to employ viewable securitydata.
 36. An encryption system as defined by claim 1, wherein both ofsaid first and second user controlled computing devices includes a userinterface for enabling user interaction with the encryption systemwhereby the user may elect to use either device as a user coordinationdevice and allowing wireless transmission of the encrypted messagesecurely without requiring the user to employ viewable security data.37. An encryption system as defined by claim 1, wherein one or both ofsaid first and second controlled computing devices has an externalconfiguration suitable to be mounted or worn on a user's body.
 38. Anencryption system as defined by claim 1, wherein one or both of saidfirst and second user controlled computing devices has an externalconfiguration suitable to be held in the user's hand.
 39. An encryptionsystem as defined by claim 1, wherein one of said first and second usercontrolled computing devices has an external configuration suitable tobe mounted on a user's body and the other user controlled computingdevice has an external configuration suitable to be held in a user'shand.
 40. An encryption system as defined by claim 1, wherein one ofsaid user controlled computing devices has an external configurationsuitable for being implanted in the user subcutaneously.
 41. Anencryption system as defined in claim 1, wherein said encrypting signalprocessor is located in a remote computer.
 42. A user controlledhandheld computing device for use in an encryption system operating inaccordance with an encryption/decryption algorithm requiring first andsecond encryption keys and wirelessly connected to a body mounted usercontrolled computing device operating to generate and wirelesslybroadcast a first encryption key, comprising A. a key receiver forreceiving wirelessly the first encryption key from the body mounted usercontrolled computing device, B. an encryption key generator forgenerating the second encryption key, C. an encrypting signal processorfor forming an encrypted message using the first and second encryptionkeys in accordance with an encryption/decryption algorithm, and D. awireless transmitter for transmitting wirelessly said encrypted messagesecurely without requiring the user to employ viewable security data.43. A user controlled handheld computing device as defined by claim 12,wherein said encrypting signal processor is located within said usercontrolled handheld computing device.
 44. A user controlled handheldcomputing device as defined by claim 12, wherein said encrypting signalprocessor is located in a remote computer.
 45. A user controlledhandheld computing device as defined by claim 12, wherein a secondencrypting signal processor is located within the body mounted usercontrolled computer.
 46. A user controlled handheld computing device asdefined by claim 12, further including a first user interface forforming a user coordination device.
 47. A user controlled handheldcomputing device as defined by claim 16 adapted to wirelesslycommunicate with a body mounted user controlled computing device havinga second user interface whereby the user may elect to use eithercomputing device as a coordination device.
 48. A body mountable usercontrolled computing device for use in an encryption system operating inaccordance with an encryption/decryption algorithm requiring first andsecond encryption keys and wirelessly connected to a handheld usercontrolled computing device operating to generate and wirelesslybroadcast a first encryption key, comprising A. a key receiver forreceiving wirelessly the first encryption key from the handheld usercontrolled computing device, B. an encryption key generator forgenerating the second encryption key, C. an encrypting signal processorfor encrypting an encrypted message using the first and secondencryption keys in accordance with an encryption/decryption algorithm,and D. a wireless transmitter for transmitting wirelessly said encryptedmessage securely without requiring the user to employ viewable securitydata.
 49. A body mountable user controlled computing device as definedby claim 18, further including a first user interface for enabling userinteraction with the user controlled handheld computing device.
 50. Abody mountable user controlled computing device as defined by claim 19adapted to wirelessly communicate with a handheld user controlledcomputing device having a second user interface whereby the user mayelect to use either computing device as a coordination device.